This doesn't seem like a terribly important information leak, but what gets me i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mistercow on Jan 19, 2017 \| parent \| context \| favorite \| on: PSA: LastPass Does Not Encrypt Everything in Your ... This doesn't seem like a terribly important information leak, but what gets me is that they obfuscated it by converting it to hex. Why do that? On the one hand, it feels like they're being sneaky and trying to trick savvier users who might glance at the data to make sure it "looks encrypted". On the other hand, they have to have realized someone would notice eventually. Or maybe that's the point: if they obfuscated it well, someone would break it and they'd have egg on their faces. By just hiding it a little, they have plausible deniability that they weren't trying to obfuscate. But any way you slice it, it seems weird.

rocqua on Jan 19, 2017 | [–]

Conversion to hex is probably to deal with characters that would require conversion if a part of the URL.

daveFNbuck on Jan 19, 2017 | [–]

It's probably just easier to convert it to hex rather than worry about escaping characters. I've done that before.

mistercow on Jan 19, 2017 | [–]

Yeah, good point, although URL escaping is particularly easy.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact